PostgreSQL 8.3 < 8.3.23 / 8.4 < 8.4.16 / 9.0 < 9.0.12 / 9.1 < 9.1.8 / 9.2 < 9.2.3 Denial of Service

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by a denial of service
vulnerability.

Description :

The version of PostgreSQL installed on the remote host is 8.3.x prior
to 8.3.23, 8.4.x prior to 8.4.16, 9.0.x prior to 9.0.12, 9.1.x prior to
9.1.8, or 9.2.x prior to 9.2.3. It is, therefore, potentially affected by
a denial of service vulnerability due to a flaw in the enum_recv()
function of 'backend/utils/adt/enum.c'. By exploiting this flaw, a
remote attacker could crash the affected application.
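
The version ranges above expressed as a banner check over a host inventory. This is an added example, not code from the Nessus plugin or from PostgreSQL; the function names and the sample inventory are constructed for illustration. A version-only check cannot see vendor-backported fixes, so 'affected' here means potentially affected, as in the description.

```python
import re

# First fixed patch level per affected branch, taken from the advisory text above.
FIXED = {(8, 3): 23, (8, 4): 16, (9, 0): 12, (9, 1): 8, (9, 2): 3}

# Accepts a bare "9.1.7" or a full banner as returned by SELECT version().
# The trailing lookahead rejects four-part vendor versions such as "9.1.7.2".
_VERSION_RE = re.compile(r"\s*(?:PostgreSQL\s+)?(\d+)\.(\d+)(?:\.(\d+))?(?![.\d])")


def classify(version_string):
    """Return 'affected', 'fixed', 'not_listed' or 'indeterminate'."""
    m = _VERSION_RE.match(version_string or "")
    if not m:
        return "indeterminate"      # unparseable banner: review by hand
    branch = (int(m.group(1)), int(m.group(2)))
    if branch not in FIXED:
        return "not_listed"         # branch outside this advisory; says nothing either way
    if m.group(3) is None:
        return "indeterminate"      # e.g. "9.2beta1": no patch level to compare
    return "affected" if int(m.group(3)) < FIXED[branch] else "fixed"


def needs_attention(inventory):
    """Map each host that is not clearly fixed to (status, upgrade target or None)."""
    report = {}
    for host, banner in sorted(inventory.items()):
        status = classify(banner)
        if status == "affected":
            m = _VERSION_RE.match(banner)
            major, minor = int(m.group(1)), int(m.group(2))
            report[host] = (status, f"{major}.{minor}.{FIXED[(major, minor)]}")
        elif status == "indeterminate":
            report[host] = (status, None)
    return report


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "db-a": "PostgreSQL 9.1.7 on x86_64-unknown-linux-gnu, compiled by gcc",
    "db-b": "9.2.3",
    "db-c": "8.4.15",
    "db-d": "9.2beta1",
    "db-e": "9.3.1",
}

if __name__ == "__main__":
    for host, (status, target) in needs_attention(SAMPLE).items():
        print(host, status, target or "manual review")
```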

See also :

http://www.postgresql.org/about/news/1446/
http://www.postgresql.org/docs/8.3/static/release-8-3-23.html
http://www.postgresql.org/docs/8.4/static/release-8-4-16.html
http://www.postgresql.org/docs/9.0/static/release-9-0-12.html
http://www.postgresql.org/docs/9.1/static/release-9-1-8.html
http://www.postgresql.org/docs/9.2/static/release-9-2-3.html

Solution :

Upgrade to PostgreSQL 8.3.23 / 8.4.16 / 9.0.12 / 9.1.8 / 9.2.3 or
later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 64669

Bugtraq ID: 57844

CVE ID: CVE-2013-0255